myjoboffer Support Portal

myjoboffer Security Statement

Modified on: Mon, 11 Jun, 2018 at 11:56 AM

Our products and services are transforming manual HR processes into engaging, flexible and reliable digital solutions. The cornerstone of our success is providing a safe and secure place to manage employee information.

On this page we outline the controls, processes and precautions we take and that are necessary to maintain the confidentiality, integrity and availability of the myjoboffer platform. myjoboffer is a multi-tenant Software as a Service (Saas) application and the protection, confidentiality and integrity of our customers data and application infrastructure is critical.

Our approach to information security will continually evolve to achieve the correct balance between service, security and efficiency, and keep up to date with advances in technology.

What external audits or assessment results are available to review?

At myjoboffer we take information security seriously. That is why Qtiviti Consulting Group Pty Limited (including myjoboffer) has achieved ISO 27001:2013 certification for our business operations. ISO 27001 sets out the requirements of information security management systems. It is part of the ISO 27000 family of international standards relating to information and cyber security and offers a comprehensive set of controls, based on best practice in information security.

Application and database servers only have required ports open for specific required services

Does myjoboffer encrypt my data?

Yes! myjoboffer encrypts data Communications over the internet using HTTPS and Secure Socket Layer (SSL), a cryptographic protocol designed to protect against eavesdropping, tampering and message forgery. All SSL Certificates use SHA-256 signature algorithm with RSA Encryption. To ensure an additional layer of security myjoboffer operates on private subnet through Virtual Private Cloud ensuring an encrypted tunnel to stored data.

We also encrypt passwords in the database using SHA-1 password encryption - plain text passwords are never stored!

How is my data archived or removed?

During an active subscription all customer data is maintained within the system unless the customer has deleted a record themselves.

If a customer chooses to leave myjoboffer their data is kept for a minimum of 60 days from the date of the expiry or termination of the agreement. Customers may request in writing that all customer data is deleted and this will be executed within 14 days.

How is my Data segregated from other customers data?

As a multi-tenanted application myjoboffer classifies and binds customer data using a combination of User ID and Organisation ID. The organisation for the purposes of myjoboffer is the "Tenant". This means that whenever data is created or accessed the application applies validation rules to retrieve only information relevant to the tenant.

Who at myjoboffer has access to my data?

myjoboffer has strict protocols in place to ensure that your data can only be accessed by authorised myjoboffer employees on a needs to know basis. "Needs to know" is typically defined as those employees who provide technical support and production system configuration support.

All development and product testing is conducted in our staging and development environments which are segregated from the main production server and database. Data contained within the staging and development environments is fictitious and does not identify with actual data contained within the production instance.

From time to time access and testing is required on the production environment. Any access and testing on the production environment is limited to authorised employees operating under strict defined guidelines. All staff who may have reason to access production environments are direct employees of myjoboffer and are located in our offices in Brisbane, Australia.

Was this answer helpful?
Yes
No

Sorry we couldn't be helpful. Help us improve this article with your feedback.